I don't want to download if the file has been compromised. I have many users that might attempt to rename the file to .exe

Are you distributing Flash Player within your organization? If so, the web (shim) installer, which you are downloading, is not the best install vector for distribution within an organization. The web/shim installers is a small file that then downloads the full Flash Player (and any other optional 3rd party software selected for download) silently in the background. Distributing Flash Player within an organization requires a distribution license (free for vast majority of use cases) and valid distribution license holders gain access to the full installers (EXE & MSI).